On a *nix system I can use a chroot to isolate 2 processes from each other and from the rest of the system. Is there any similar security system under Windows? Or is there any way to prevent 2 processes from reading/writing to each other's files?

@MarkM So you would say that a chroot isn't a security system? Also, that attack doesn't work on a grsecurity chroot (grsecurity.net).
– Rook, Jul 18 '10 at 17:50

@The Rook - In that kerneltrap discussion, kernel devs discuss the fact that chroot was never intended to be a security device.
– MDMarra, Jul 18 '10 at 18:12

@MarkM Interesting, but with the grsecurity improvements the only method of breaking out would be to rip a hole into kernel land, which could be done with a buffer overflow in Linux (or whatever kernel you are using).
– Rook, Jul 18 '10 at 18:35

@The Rook - Right, I was simply saying that you may want to rephrase the question. There have been extensions to chroot or spins on the concept (like jails) that have been designed with security in mind. In your post, you refer to chroot as a security device, which it was never intended to be.
– MDMarra, Jul 18 '10 at 19:57

In a physical environment, every application depends on its OS for a range of services, including memory allocation, device drivers, and much more. Incompatibilities between an application and its operating system can be addressed by either server virtualization or presentation virtualization; but for incompatibilities between two applications installed on the same instance of an OS, you need Application Virtualization.

One of my processes was poorly written and very insecure; management doesn't want to fix it because it would be "too expensive". I expect this process to get owned eventually and I want to limit the impact on my system. If you really believe there is nothing to gain, then you must read more about chroots.
– Rook, Jul 18 '10 at 17:49